Virus and Spyware Removal Guides, uninstall instructions

What kind of application is BrowserActivity?

BrowserActivity's installer has an appearance of the installer for the Adobe Flash Player - this application is distributed using a fake installer. Typically, fake installers install unwanted software. In this case, an unwanted application that generates advertisements, changes the affected web browser's settings, and collects data.

Apps that function like BrowserActivity are called adware and browser hijackers. It is worth mentioning that it is unlikely for apps like BrowserActivity to be downloaded and installed on purpose.

That is why they are called potentially unwanted applications.

What is oossautsid[.]com?

Sharing many similarities with acancyfopl.biz, topfreearticles.xyz, suadeh.club, and thousands of others, oossautsid[.]com is a rogue website. This page is designed to present visitors with dubious content and/or redirect them to untrustworthy and malicious sites.

Users rarely access such websites intentionally; most get redirected to them by intrusive ads or installed PUAs (Potentially Unwanted Applications). This software can infiltrate systems without user permission.

PUAs can have heinous functionalities, including - causing redirects, running intrusive advert campaigns, and collecting browsing-related information.

What is acancyfopl[.]biz?

It is strongly advisable not to visit the acancyfopl[.]biz website or trust websites opened through it. This page is designed to check visitor's geolocation and then load deceptive content or open questionable websites (about two or three of them).

Typically, websites like acancyfopl[.]biz are promoted via deceptive advertisements, untrustworthy sites, or potentially unwanted applications (PUAs).

In other words, users do not visit pages like acancyfopl[.]biz intentionally. It is worth mentioning that PUAs can be designed to collect various data and generate advertisements. Typically, users download and install them unknowingly.

What is the EpsilonRed ransomware?

EpsilonRed is a piece of malicious software categorized as ransomware. This malware is programmed in the Go programming language. It operates by encrypting data (rendering files inaccessible) - to make ransom demands for the decryption (access recovery).

During the encryption process, files are appended with the ".EpsilonRed" extension. For example, a file initially titled something like "1.jpg" would appear as "1.jpg.EpsilonRed", "2.jpg" as "2.jpg.EpsilonRed", "3.jpg" as "3.jpg.EpsilonRed", etc.

Following the completion of this process, ransom notes - "HOW_TO_RECOVER.EpsilonRed.txt" - are dropped into affected folders. It is noteworthy that the manner in which EpsilonRed ransomware has been observed infecting systems is quite sophisticated.

EpsilonRed is the final payload of the infection process, which includes the deletion of Volume Shadow Copies and Windows Event Logs, modification of the Windows Firewall, program removal or process termination (i.e., anti-virus software, backup and database services, office applications, email clients, etc.), and many other malicious actions. The EpsilonRed ransomware has been used to attack US businesses dealing in the hospitality sphere.

These attacks were likely enabled by a vulnerable enterprise Microsoft Exchange server.

What is Kelly?

Ransomware is a type of malware that denies access to files by encrypting them and creates or displays a ransom demanding message. Cybercriminals monetize ransomware by selling their victims decryption tools.

Kelly encrypts files and modifies their filenames by appending the ".locky" extension to them. For example, it changes the filename of a file named "1.jpg" to "1.jpg.locky", "2.jpg" to "2.jpg.locky", and so on.

Kelly displays a pop-up window as its ransom note. Its ransom note is written in Chinese language.

What is NetDataSearch?

Part of the AdLoad malware family, NetDataSearch is classified as adware and possesses browser hijacker capabilities. It delivers intrusive, annoying, untrusted and even harmful advertisements.

NetDataSearch browser hijacking characteristics include browser modification and promotion of fake search engines. Furthermore, adware and browser hijackers usually have data tracking capabilities, which are employed to monitor users' browsing activity.

Most users install this application unintentionally, and therefore it is also classified as a Potentially Unwanted Application (PUA). NetDataSearch is known to proliferate through bogus Flash Player updates.

Note that fake updaters can spread Trojans, ransomware and other malware.

What is Allah ransomware?

Allah is a ransomware-type malicious program. It encrypts data, which renders the files inaccessible and unusable. The ransomware then creates ransom notes that demand payment for the decryption (i.e., access/use recovery).

During the encryption process, files are appended with the ".allah" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.allah" - following encryption.

After this process is complete, ransom-demanding messages - "HELP_DECRYPT_YOUR_FILES.txt" - are dropped into compromised folders.

What is topfreearticles[.]xyz?

Topfreearticles[.]xyz functions as suadeh[.]club, top-captcharesolver[.]com, apsolutamente[.]com and a great number of other pages of this type. This page opens a couple of questionable, potentially malicious sites or displays deceptive content - it depends on the geolocation of its visitors.

In one way or another, websites like topfreearticles[.]xyz cannot be trusted. Users rarely open such pages by themselves. In most cases, these pages get opened through clicked deceptive ads, visited untrustworthy websites or installed potentially unwanted applications (PUAs).

What is SearchConvertersWeb?

SearchConvertersWeb is a piece of software classified as a browser hijacker. It operates by making changes to browser settings - in order to promote (by causing redirects to) the searchconvertersweb.com fake search engine.

Furthermore, software within this classification gathers browsing-related information. Due to the questionable techniques used to distribute browser hijackers, they are also categorized as PUAs (Potentially Unwanted Applications).

What is XRatLocker?

Ransomware is a form of malicious software that prevents victims from accessing their data by encrypting it and generates a ransom demanding message (e.g., a text file or a pop-up window). XRatLocker ransomware variant encrypts files and changes their extension to ".crypted".

For example, it renames a file named "1.jpg" to "1.jpg.crypted", "2.jpg" to "2.jpg.crypted", and so forth. This ransomware creates the "how to recover files.html" file as a ransom note.

XRatLocker creates this HTML file in all folders containing affected files.